Preventing further hacks on the St. Joe’s community
St. Joe’s Office of Information Technology has required mandatory online training on data security and privacy for all faculty and staff, bringing to a close the month-long October National Cyber Security Awareness Month.
“We work very closely with the university community through our governance groups to implement security policies and procedures that we hope are both effective and reasonable,” Joseph Petragnani, associate vice president of the Office of Information Technology, said in an email correspondence. “We integrate security into all levels of our technology infrastructure, starting at the network, continuing to all of the systems/services we support.”
Since both St. Joe’s students and faculty have been affected by hacking, the topic of information security has been discussed more frequently on campus since the end of the 2016-2017 academic year.
St. Joe’s students, faculty, and staff received a phishing email on May 3, 2017. A phishing email is an email designed to install software that can steal personal information, often installed by the receiver clicking on a link. Kristen Herrmann ’19 was one of many students to receive this email.
“It looked just like an invitation to a Google doc,” Herrmann said. “I was expecting an email from that person, so, naturally, I opened it. About five minutes later, I got a university email saying not to open it.”
Herrmann did not see any repercussions from opening up the phishing email. However, this email was also sent to many St. Joe’s students and faculty.
“In this case, the spammer wanted you to authorize an application that would allow access to your SJU email account,” the Technology Service Center wrote in an email to the entire student body and staff.
Jason Mezey, Ph.D., associate professor of English, received the phishing email before the link was deactivated by Google. This was also before the university was able to send out their response, warning students and faculty of the email.
“It was a phase when drafts were circulating and papers were due and what looked to be a student of mine shared a document,” Mezey said. “It took me about five or 10 seconds to process that I was hacked.”
St. Joe’s is hoping to move forward, implementing more preventative measures and policies while emphasizing the importance of protecting personal data and information.
“We are actively working with the community on an updated iteration of our Information Security policy,” Petragnani said. “We hope to have this finalized before the end of the calendar year.”
According to a 2016 statistic from Price Waterhouse Cooper (PWC), a multinational professional services network, 54 percent of organizations in the United States reported experiencing cyber crime in the previous two years, while only half have an operational cyber-response plan in place.
In the recent Equifax breach, the confidential information of more than 145 million Americans was potentially compromised. This information includes Social Security numbers, birthdates and addresses. Richard Smith, former Equifax CEO, was replaced in late September, after the breach became public.
According to a press release issued by Equifax on Sept. 26, 2017, Smith will continue with the company as an unpaid consultant through the transition process, but new leadership will be necessary for the company moving forward. This push for new leadership was in response to public backlash towards Equifax, who knew about the breach on July 29, 2017, but did not make it public until Sept. 7, 2017.
Cyber security breaches have been prevalent in the United States, most recently with the Equifax and Yahoo hacks. ese breaches happened in the wake of other serious attacks like Russia in the United States 2016 elections, which have yet to be fully understood.